Merge "Clean up Keystore compilation"
diff --git a/keymaster/Android.mk b/keymaster/Android.mk
index 73ed231..5a7ef34 100644
--- a/keymaster/Android.mk
+++ b/keymaster/Android.mk
@@ -12,37 +12,24 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-ifeq ($(TARGET_ARCH),arm)
ifneq (,$(filter grouper tilapia, $(TARGET_DEVICE)))
-
-# This is a nasty hack. keystore.grouper is Open Source, but it
-# links against a non-Open library, so we can only build it
-# when that library is present.
+# Keystore.grouper is Open Source, but it links against a non-Open library,
+# Print a warning and skip this module if the library is not present in the
+# vendor directory or BOARD_HAS_TF_CRYPTO_SST has not been set
+BOARD_HAS_TF_CRYPTO_SST ?= $(if $(wildcard vendor/*/$(TARGET_DEVICE)/*/libtf_crypto_sst.so),true)
ifeq ($(BOARD_HAS_TF_CRYPTO_SST),true)
-
-LOCAL_PATH := $(call my-dir)
-
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := keystore.grouper
-
-LOCAL_MODULE_PATH := $(TARGET_OUT_SHARED_LIBRARIES)/hw
-
-LOCAL_SRC_FILES := \
- keymaster_grouper.cpp
-
-LOCAL_C_INCLUDES := \
- libcore/include \
- $(LOCAL_PATH)/../security/tf_sdk/include
-
-LOCAL_CFLAGS := -fvisibility=hidden -Wall -Werror
-
-LOCAL_SHARED_LIBRARIES := libcutils liblog libcrypto libtf_crypto_sst
-
-LOCAL_MODULE_TAGS := optional
-
-include $(BUILD_SHARED_LIBRARY)
-
+ LOCAL_PATH := $(call my-dir)
+ include $(CLEAR_VARS)
+ LOCAL_MODULE := keystore.grouper
+ LOCAL_MODULE_PATH := $(TARGET_OUT_SHARED_LIBRARIES)/hw
+ LOCAL_SRC_FILES := keymaster_grouper.cpp
+ LOCAL_CFLAGS := -Werror
+ LOCAL_SHARED_LIBRARIES := libcutils liblog libcrypto libtf_crypto_sst
+ LOCAL_MODULE_TAGS := optional
+ LOCAL_MODULE_OWNER := google
+ include $(BUILD_SHARED_LIBRARY)
+else
+$(warning WARNING : Skipping keystore.grouper - Dependency Not Found libtf_crypto_sst )
endif
endif
-endif
+
diff --git a/self-extractors/nvidia/staging/device-partial.mk b/self-extractors/nvidia/staging/device-partial.mk
index 4b5399e..201dc7a 100644
--- a/self-extractors/nvidia/staging/device-partial.mk
+++ b/self-extractors/nvidia/staging/device-partial.mk
@@ -71,4 +71,3 @@
libstagefrighthw \
libtf_crypto_sst
-PRODUCT_PACKAGES += keystore.grouper
diff --git a/self-extractors/nvidia/staging/keymaster/Android.mk b/self-extractors/nvidia/staging/keymaster/Android.mk
deleted file mode 100644
index 01a5b1d..0000000
--- a/self-extractors/nvidia/staging/keymaster/Android.mk
+++ /dev/null
@@ -1,44 +0,0 @@
-# Copyright (C) 2011 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ifeq ($(TARGET_ARCH),arm)
-ifeq ($(TARGET_DEVICE),grouper)
-
-LOCAL_PATH := $(call my-dir)
-
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := keystore.grouper
-
-LOCAL_MODULE_PATH := $(TARGET_OUT_SHARED_LIBRARIES)/hw
-
-LOCAL_SRC_FILES := \
- keymaster_grouper.cpp
-
-LOCAL_C_INCLUDES := \
- libcore/include \
- $(LOCAL_PATH)/../security/tf_sdk/include
-
-LOCAL_CFLAGS := -fvisibility=hidden -Wall -Werror
-
-LOCAL_SHARED_LIBRARIES := libcutils liblog libcrypto libtf_crypto_sst
-
-LOCAL_MODULE_TAGS := optional
-
-LOCAL_MODULE_OWNER := google
-
-include $(BUILD_SHARED_LIBRARY)
-
-endif
-endif
diff --git a/self-extractors/nvidia/staging/keymaster/NOTICE b/self-extractors/nvidia/staging/keymaster/NOTICE
deleted file mode 100644
index 390eaed..0000000
--- a/self-extractors/nvidia/staging/keymaster/NOTICE
+++ /dev/null
@@ -1,220 +0,0 @@
-/**
- * Copyright(c) 2011 Trusted Logic. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- * * Neither the name Trusted Logic nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-
- Copyright (C) 2011 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
-
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
diff --git a/self-extractors/nvidia/staging/keymaster/cryptoki.h b/self-extractors/nvidia/staging/keymaster/cryptoki.h
deleted file mode 100644
index 41a66ec..0000000
--- a/self-extractors/nvidia/staging/keymaster/cryptoki.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/**
- * Copyright(c) 2011 Trusted Logic. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- * * Neither the name Trusted Logic nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef __CRYPTOKI_H__
-#define __CRYPTOKI_H__
-
-#include "s_type.h"
-
-/* Define CRYPTOKI_EXPORTS during the build of cryptoki libraries. Do
- * not define it in applications.
- */
-#ifdef CRYPTOKI_EXPORTS
-#define PKCS11_EXPORT S_DLL_EXPORT
-#else
-#define PKCS11_EXPORT S_DLL_IMPORT
-#endif
-
-#define CKV_TOKEN_SYSTEM 0x00000001
-#define CKV_TOKEN_SYSTEM_SHARED 0x00000000
-#define CKV_TOKEN_USER 0x00004004
-#define CKV_TOKEN_USER_SHARED 0x00004012
-
-#define CKV_TOKEN_SYSTEM_GROUP(gid) (0x00010000 | (gid))
-#define CKV_TOKEN_USER_GROUP(gid) (0x00020000 | (gid))
-
-#include "pkcs11.h"
-
-#endif /* __CRYPTOKI_H__ */
diff --git a/self-extractors/nvidia/staging/keymaster/keymaster_grouper.cpp b/self-extractors/nvidia/staging/keymaster/keymaster_grouper.cpp
deleted file mode 100644
index 37f306a..0000000
--- a/self-extractors/nvidia/staging/keymaster/keymaster_grouper.cpp
+++ /dev/null
@@ -1,981 +0,0 @@
-/*
- * Copyright (C) 2011 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include <errno.h>
-#include <string.h>
-#include <stdint.h>
-
-// For debugging
-#define LOG_NDEBUG 0
-
-// TEE is the Trusted Execution Environment
-#define LOG_TAG "TEEKeyMaster"
-#include <cutils/log.h>
-
-#include <hardware/hardware.h>
-#include <hardware/keymaster0.h>
-
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-
-#include <cryptoki.h>
-#include <pkcs11.h>
-
-#include <UniquePtr.h>
-
-
-/** The size of a key ID in bytes */
-#define ID_LENGTH 32
-
-/** The current stored key version. */
-const static uint32_t KEY_VERSION = 1;
-
-
-struct EVP_PKEY_Delete {
- void operator()(EVP_PKEY* p) const {
- EVP_PKEY_free(p);
- }
-};
-typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY;
-
-struct RSA_Delete {
- void operator()(RSA* p) const {
- RSA_free(p);
- }
-};
-typedef UniquePtr<RSA, RSA_Delete> Unique_RSA;
-
-struct PKCS8_PRIV_KEY_INFO_Delete {
- void operator()(PKCS8_PRIV_KEY_INFO* p) const {
- PKCS8_PRIV_KEY_INFO_free(p);
- }
-};
-typedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO;
-
-typedef UniquePtr<keymaster0_device_t> Unique_keymaster_device_t;
-
-typedef UniquePtr<CK_BYTE[]> Unique_CK_BYTE;
-
-typedef UniquePtr<CK_ATTRIBUTE[]> Unique_CK_ATTRIBUTE;
-
-class ByteArray {
-public:
- ByteArray(CK_BYTE* array, size_t len) :
- mArray(array), mLength(len) {
- }
-
- ByteArray(size_t len) :
- mLength(len) {
- mArray = new CK_BYTE[len];
- }
-
- ~ByteArray() {
- if (mArray != NULL) {
- delete[] mArray;
- }
- }
-
- CK_BYTE* get() const {
- return mArray;
- }
-
- void setLength(size_t length) {
- mLength = length;
- }
-
- size_t length() const {
- return mLength;
- }
-
- CK_BYTE* release() {
- CK_BYTE* array = mArray;
- mArray = NULL;
- return array;
- }
-
-private:
- CK_BYTE* mArray;
- size_t mLength;
-};
-typedef UniquePtr<ByteArray> Unique_ByteArray;
-
-class CryptoSession {
-public:
- CryptoSession(CK_SESSION_HANDLE masterHandle) :
- mHandle(masterHandle), mSubsession(CK_INVALID_HANDLE) {
- CK_SESSION_HANDLE subsessionHandle = mHandle;
- CK_RV openSessionRV = C_OpenSession(CKV_TOKEN_USER,
- CKF_SERIAL_SESSION | CKF_RW_SESSION | CKVF_OPEN_SUB_SESSION,
- NULL,
- NULL,
- &subsessionHandle);
-
- if (openSessionRV != CKR_OK || subsessionHandle == CK_INVALID_HANDLE) {
- (void) C_Finalize(NULL_PTR);
- ALOGE("Error opening secondary session with TEE: 0x%x", openSessionRV);
- } else {
- ALOGV("Opening subsession 0x%x", subsessionHandle);
- mSubsession = subsessionHandle;
- }
- }
-
- ~CryptoSession() {
- if (mSubsession != CK_INVALID_HANDLE) {
- CK_RV rv = C_CloseSession(mSubsession);
- ALOGV("Closing subsession 0x%x: 0x%x", mSubsession, rv);
- mSubsession = CK_INVALID_HANDLE;
- }
- }
-
- CK_SESSION_HANDLE get() const {
- return mSubsession;
- }
-
- CK_SESSION_HANDLE getPrimary() const {
- return mHandle;
- }
-
-private:
- CK_SESSION_HANDLE mHandle;
- CK_SESSION_HANDLE mSubsession;
-};
-
-class ObjectHandle {
-public:
- ObjectHandle(const CryptoSession* session, CK_OBJECT_HANDLE handle = CK_INVALID_HANDLE) :
- mSession(session), mHandle(handle) {
- }
-
- ~ObjectHandle() {
- if (mHandle != CK_INVALID_HANDLE) {
- CK_RV rv = C_CloseObjectHandle(mSession->getPrimary(), mHandle);
- if (rv != CKR_OK) {
- ALOGW("Couldn't close object handle 0x%x: 0x%x", mHandle, rv);
- } else {
- ALOGV("Closing object handle 0x%x", mHandle);
- mHandle = CK_INVALID_HANDLE;
- }
- }
- }
-
- CK_OBJECT_HANDLE get() const {
- return mHandle;
- }
-
- void reset(CK_OBJECT_HANDLE handle) {
- mHandle = handle;
- }
-
-private:
- const CryptoSession* mSession;
- CK_OBJECT_HANDLE mHandle;
-};
-
-
-/**
- * Many OpenSSL APIs take ownership of an argument on success but don't free the argument
- * on failure. This means we need to tell our scoped pointers when we've transferred ownership,
- * without triggering a warning by not using the result of release().
- */
-#define OWNERSHIP_TRANSFERRED(obj) \
- typeof (obj.release()) _dummy __attribute__((unused)) = obj.release()
-
-
-/*
- * Checks this thread's OpenSSL error queue and logs if
- * necessary.
- */
-static void logOpenSSLError(const char* location) {
- int error = ERR_get_error();
-
- if (error != 0) {
- char message[256];
- ERR_error_string_n(error, message, sizeof(message));
- ALOGE("OpenSSL error in %s %d: %s", location, error, message);
- }
-
- ERR_clear_error();
- ERR_remove_state(0);
-}
-
-
-/**
- * Convert from OpenSSL's BIGNUM format to TEE's Big Integer format.
- */
-static ByteArray* bignum_to_array(const BIGNUM* bn) {
- const int bignumSize = BN_num_bytes(bn);
-
- Unique_CK_BYTE bytes(new CK_BYTE[bignumSize]);
-
- unsigned char* tmp = reinterpret_cast<unsigned char*>(bytes.get());
- if (BN_bn2bin(bn, tmp) != bignumSize) {
- ALOGE("public exponent size wasn't what was expected");
- return NULL;
- }
-
- return new ByteArray(bytes.release(), bignumSize);
-}
-
-static void set_attribute(CK_ATTRIBUTE* attrib, CK_ATTRIBUTE_TYPE type, void* pValue,
- CK_ULONG ulValueLen) {
- attrib->type = type;
- attrib->pValue = pValue;
- attrib->ulValueLen = ulValueLen;
-}
-
-static ByteArray* generate_random_id() {
- Unique_ByteArray id(new ByteArray(ID_LENGTH));
- if (RAND_pseudo_bytes(reinterpret_cast<unsigned char*>(id->get()), id->length()) < 0) {
- return NULL;
- }
-
- return id.release();
-}
-
-static int keyblob_save(ByteArray* objId, uint8_t** key_blob, size_t* key_blob_length) {
- Unique_ByteArray handleBlob(new ByteArray(sizeof(uint32_t) + objId->length()));
- if (handleBlob.get() == NULL) {
- ALOGE("Could not allocate key blob");
- return -1;
- }
- uint8_t* tmp = handleBlob->get();
- for (size_t i = 0; i < sizeof(uint32_t); i++) {
- *tmp++ = KEY_VERSION >> ((sizeof(uint32_t) - i - 1) * 8);
- }
- memcpy(tmp, objId->get(), objId->length());
-
- *key_blob_length = handleBlob->length();
- *key_blob = handleBlob->get();
- ByteArray* unused __attribute__((unused)) = handleBlob.release();
-
- return 0;
-}
-
-static int find_single_object(const uint8_t* obj_id, const size_t obj_id_length,
- CK_OBJECT_CLASS obj_class, const CryptoSession* session, ObjectHandle* object) {
-
- // Note that the CKA_ID attribute is never written, so we can cast away const here.
- void* obj_id_ptr = reinterpret_cast<void*>(const_cast<uint8_t*>(obj_id));
- CK_ATTRIBUTE attributes[] = {
- { CKA_ID, obj_id_ptr, obj_id_length },
- { CKA_CLASS, &obj_class, sizeof(obj_class) },
- };
-
- CK_RV rv = C_FindObjectsInit(session->get(), attributes,
- sizeof(attributes) / sizeof(CK_ATTRIBUTE));
- if (rv != CKR_OK) {
- ALOGE("Error in C_FindObjectsInit: 0x%x", rv);
- return -1;
- }
-
- CK_OBJECT_HANDLE tmpHandle;
- CK_ULONG tmpCount;
-
- rv = C_FindObjects(session->get(), &tmpHandle, 1, &tmpCount);
- ALOGV("Found %d object 0x%x : class 0x%x", tmpCount, tmpHandle, obj_class);
- if (rv != CKR_OK || tmpCount != 1) {
- C_FindObjectsFinal(session->get());
- ALOGE("Couldn't find key!");
- return -1;
- }
- C_FindObjectsFinal(session->get());
-
- object->reset(tmpHandle);
- return 0;
-}
-
-static int keyblob_restore(const CryptoSession* session, const uint8_t* keyBlob,
- const size_t keyBlobLength, ObjectHandle* public_key, ObjectHandle* private_key) {
- if (keyBlob == NULL) {
- ALOGE("key blob was null");
- return -1;
- }
-
- if (keyBlobLength < (sizeof(KEY_VERSION) + ID_LENGTH)) {
- ALOGE("key blob is not correct size");
- return -1;
- }
-
- uint32_t keyVersion = 0;
-
- const uint8_t* p = keyBlob;
- for (size_t i = 0; i < sizeof(keyVersion); i++) {
- keyVersion = (keyVersion << 8) | *p++;
- }
-
- if (keyVersion != 1) {
- ALOGE("Invalid key version %d", keyVersion);
- return -1;
- }
-
- return find_single_object(p, ID_LENGTH, CKO_PUBLIC_KEY, session, public_key)
- || find_single_object(p, ID_LENGTH, CKO_PRIVATE_KEY, session, private_key);
-}
-
-static int tee_generate_keypair(const keymaster0_device_t* dev,
- const keymaster_keypair_t type, const void* key_params,
- uint8_t** key_blob, size_t* key_blob_length) {
- CK_BBOOL bTRUE = CK_TRUE;
-
- if (type != TYPE_RSA) {
- ALOGW("Unknown key type %d", type);
- return -1;
- }
-
- if (key_params == NULL) {
- ALOGW("generate_keypair params were NULL");
- return -1;
- }
-
- keymaster_rsa_keygen_params_t* rsa_params = (keymaster_rsa_keygen_params_t*) key_params;
-
- CK_MECHANISM mechanism = {
- CKM_RSA_PKCS_KEY_PAIR_GEN, NULL, 0,
- };
- CK_ULONG modulusBits = (CK_ULONG) rsa_params->modulus_size;
-
- /**
- * Convert our unsigned 64-bit integer to the TEE Big Integer class. It's
- * an unsigned array of bytes with MSB first.
- */
- CK_BYTE publicExponent[sizeof(uint64_t)];
- const uint64_t exp = rsa_params->public_exponent;
- size_t offset = sizeof(publicExponent) - 1;
- for (size_t i = 0; i < sizeof(publicExponent); i++) {
- publicExponent[offset--] = (exp >> (i * CHAR_BIT)) & 0xFF;
- }
-
- Unique_ByteArray objId(generate_random_id());
- if (objId.get() == NULL) {
- ALOGE("Couldn't generate random key ID");
- return -1;
- }
-
- CK_ATTRIBUTE publicKeyTemplate[] = {
- {CKA_ID, objId->get(), objId->length()},
- {CKA_TOKEN, &bTRUE, sizeof(bTRUE)},
- {CKA_ENCRYPT, &bTRUE, sizeof(bTRUE)},
- {CKA_VERIFY, &bTRUE, sizeof(bTRUE)},
- {CKA_MODULUS_BITS, &modulusBits, sizeof(modulusBits)},
- {CKA_PUBLIC_EXPONENT, publicExponent, sizeof(publicExponent)},
- };
-
- CK_ATTRIBUTE privateKeyTemplate[] = {
- {CKA_ID, objId->get(), objId->length()},
- {CKA_TOKEN, &bTRUE, sizeof(bTRUE)},
- {CKA_DECRYPT, &bTRUE, sizeof(bTRUE)},
- {CKA_SIGN, &bTRUE, sizeof(bTRUE)},
- };
-
- CryptoSession session(reinterpret_cast<CK_SESSION_HANDLE>(dev->context));
-
- CK_OBJECT_HANDLE hPublicKey, hPrivateKey;
- CK_RV rv = C_GenerateKeyPair(session.get(),
- &mechanism,
- publicKeyTemplate,
- sizeof(publicKeyTemplate)/sizeof(CK_ATTRIBUTE),
- privateKeyTemplate,
- sizeof(privateKeyTemplate)/sizeof(CK_ATTRIBUTE),
- &hPublicKey,
- &hPrivateKey);
-
- if (rv != CKR_OK) {
- ALOGE("Generate keypair failed: 0x%x", rv);
- return -1;
- }
-
- ObjectHandle publicKey(&session, hPublicKey);
- ObjectHandle privateKey(&session, hPrivateKey);
- ALOGV("public handle = 0x%x, private handle = 0x%x", publicKey.get(), privateKey.get());
-
- return keyblob_save(objId.get(), key_blob, key_blob_length);
-}
-
-static int tee_import_keypair(const keymaster0_device_t* dev,
- const uint8_t* key, const size_t key_length,
- uint8_t** key_blob, size_t* key_blob_length) {
- CK_RV rv;
- CK_BBOOL bTRUE = CK_TRUE;
-
- if (key == NULL) {
- ALOGW("provided key is null");
- return -1;
- }
-
- Unique_PKCS8_PRIV_KEY_INFO pkcs8(d2i_PKCS8_PRIV_KEY_INFO(NULL, &key, key_length));
- if (pkcs8.get() == NULL) {
- logOpenSSLError("tee_import_keypair");
- return -1;
- }
-
- /* assign to EVP */
- Unique_EVP_PKEY pkey(EVP_PKCS82PKEY(pkcs8.get()));
- if (pkey.get() == NULL) {
- logOpenSSLError("tee_import_keypair");
- return -1;
- }
-
- if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA) {
- ALOGE("Unsupported key type: %d", EVP_PKEY_type(pkey->type));
- return -1;
- }
-
- Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey.get()));
- if (rsa.get() == NULL) {
- logOpenSSLError("tee_import_keypair");
- return -1;
- }
-
- Unique_ByteArray modulus(bignum_to_array(rsa->n));
- if (modulus.get() == NULL) {
- ALOGW("Could not convert modulus to array");
- return -1;
- }
-
- Unique_ByteArray publicExponent(bignum_to_array(rsa->e));
- if (publicExponent.get() == NULL) {
- ALOGW("Could not convert publicExponent to array");
- return -1;
- }
-
- CK_KEY_TYPE rsaType = CKK_RSA;
-
- CK_OBJECT_CLASS pubClass = CKO_PUBLIC_KEY;
-
- Unique_ByteArray objId(generate_random_id());
- if (objId.get() == NULL) {
- ALOGE("Couldn't generate random key ID");
- return -1;
- }
-
- CK_ATTRIBUTE publicKeyTemplate[] = {
- {CKA_ID, objId->get(), objId->length()},
- {CKA_TOKEN, &bTRUE, sizeof(bTRUE)},
- {CKA_CLASS, &pubClass, sizeof(pubClass)},
- {CKA_KEY_TYPE, &rsaType, sizeof(rsaType)},
- {CKA_ENCRYPT, &bTRUE, sizeof(bTRUE)},
- {CKA_VERIFY, &bTRUE, sizeof(bTRUE)},
- {CKA_MODULUS, modulus->get(), modulus->length()},
- {CKA_PUBLIC_EXPONENT, publicExponent->get(), publicExponent->length()},
- };
-
- CryptoSession session(reinterpret_cast<CK_SESSION_HANDLE>(dev->context));
-
- CK_OBJECT_HANDLE hPublicKey;
- rv = C_CreateObject(session.get(),
- publicKeyTemplate,
- sizeof(publicKeyTemplate)/sizeof(CK_ATTRIBUTE),
- &hPublicKey);
- if (rv != CKR_OK) {
- ALOGE("Creation of public key failed: 0x%x", rv);
- return -1;
- }
- ObjectHandle publicKey(&session, hPublicKey);
-
- Unique_ByteArray privateExponent(bignum_to_array(rsa->d));
- if (privateExponent.get() == NULL) {
- ALOGW("Could not convert private exponent");
- return -1;
- }
-
-
- /*
- * Normally we need:
- * CKA_ID
- * CKA_TOKEN
- * CKA_CLASS
- * CKA_KEY_TYPE
- *
- * CKA_DECRYPT
- * CKA_SIGN
- *
- * CKA_MODULUS
- * CKA_PUBLIC_EXPONENT
- * CKA_PRIVATE_EXPONENT
- */
-#define PRIV_ATTRIB_NORMAL_NUM (4 + 2 + 3)
-
- /*
- * For additional private key values:
- * CKA_PRIME_1
- * CKA_PRIME_2
- *
- * CKA_EXPONENT_1
- * CKA_EXPONENT_2
- *
- * CKA_COEFFICIENT
- */
-#define PRIV_ATTRIB_EXTENDED_NUM (PRIV_ATTRIB_NORMAL_NUM + 5)
-
- /*
- * If we have the prime, prime exponents, and coefficient, we can
- * copy them in.
- */
- bool has_extra_data = (rsa->p != NULL) && (rsa->q != NULL) && (rsa->dmp1 != NULL) &&
- (rsa->dmq1 != NULL) && (rsa->iqmp != NULL);
-
- Unique_CK_ATTRIBUTE privateKeyTemplate(new CK_ATTRIBUTE[
- has_extra_data ? PRIV_ATTRIB_EXTENDED_NUM : PRIV_ATTRIB_NORMAL_NUM]);
-
- CK_OBJECT_CLASS privClass = CKO_PRIVATE_KEY;
-
- size_t templateOffset = 0;
-
- set_attribute(&privateKeyTemplate[templateOffset++], CKA_ID, objId->get(), objId->length());
- set_attribute(&privateKeyTemplate[templateOffset++], CKA_TOKEN, &bTRUE, sizeof(bTRUE));
- set_attribute(&privateKeyTemplate[templateOffset++], CKA_CLASS, &privClass, sizeof(privClass));
- set_attribute(&privateKeyTemplate[templateOffset++], CKA_KEY_TYPE, &rsaType, sizeof(rsaType));
-
- set_attribute(&privateKeyTemplate[templateOffset++], CKA_DECRYPT, &bTRUE, sizeof(bTRUE));
- set_attribute(&privateKeyTemplate[templateOffset++], CKA_SIGN, &bTRUE, sizeof(bTRUE));
-
- set_attribute(&privateKeyTemplate[templateOffset++], CKA_MODULUS, modulus->get(),
- modulus->length());
- set_attribute(&privateKeyTemplate[templateOffset++], CKA_PUBLIC_EXPONENT,
- publicExponent->get(), publicExponent->length());
- set_attribute(&privateKeyTemplate[templateOffset++], CKA_PRIVATE_EXPONENT,
- privateExponent->get(), privateExponent->length());
-
- Unique_ByteArray prime1, prime2, exp1, exp2, coeff;
- if (has_extra_data) {
- prime1.reset(bignum_to_array(rsa->p));
- if (prime1->get() == NULL) {
- ALOGW("Could not convert prime1");
- return -1;
- }
- set_attribute(&privateKeyTemplate[templateOffset++], CKA_PRIME_1, prime1->get(),
- prime1->length());
-
- prime2.reset(bignum_to_array(rsa->q));
- if (prime2->get() == NULL) {
- ALOGW("Could not convert prime2");
- return -1;
- }
- set_attribute(&privateKeyTemplate[templateOffset++], CKA_PRIME_2, prime2->get(),
- prime2->length());
-
- exp1.reset(bignum_to_array(rsa->dmp1));
- if (exp1->get() == NULL) {
- ALOGW("Could not convert exponent 1");
- return -1;
- }
- set_attribute(&privateKeyTemplate[templateOffset++], CKA_EXPONENT_1, exp1->get(),
- exp1->length());
-
- exp2.reset(bignum_to_array(rsa->dmq1));
- if (exp2->get() == NULL) {
- ALOGW("Could not convert exponent 2");
- return -1;
- }
- set_attribute(&privateKeyTemplate[templateOffset++], CKA_EXPONENT_2, exp2->get(),
- exp2->length());
-
- coeff.reset(bignum_to_array(rsa->iqmp));
- if (coeff->get() == NULL) {
- ALOGW("Could not convert coefficient");
- return -1;
- }
- set_attribute(&privateKeyTemplate[templateOffset++], CKA_COEFFICIENT, coeff->get(),
- coeff->length());
- }
-
- CK_OBJECT_HANDLE hPrivateKey;
- rv = C_CreateObject(session.get(),
- privateKeyTemplate.get(),
- templateOffset,
- &hPrivateKey);
- if (rv != CKR_OK) {
- ALOGE("Creation of private key failed: 0x%x", rv);
- return -1;
- }
- ObjectHandle privateKey(&session, hPrivateKey);
-
- ALOGV("public handle = 0x%x, private handle = 0x%x", publicKey.get(), privateKey.get());
-
- return keyblob_save(objId.get(), key_blob, key_blob_length);
-}
-
-static int tee_get_keypair_public(const keymaster0_device_t* dev,
- const uint8_t* key_blob, const size_t key_blob_length,
- uint8_t** x509_data, size_t* x509_data_length) {
-
- CryptoSession session(reinterpret_cast<CK_SESSION_HANDLE>(dev->context));
-
- ObjectHandle publicKey(&session);
- ObjectHandle privateKey(&session);
-
- if (keyblob_restore(&session, key_blob, key_blob_length, &publicKey, &privateKey)) {
- return -1;
- }
-
- if (x509_data == NULL || x509_data_length == NULL) {
- ALOGW("Provided destination variables were null");
- return -1;
- }
-
- CK_ATTRIBUTE attributes[] = {
- {CKA_MODULUS, NULL, 0},
- {CKA_PUBLIC_EXPONENT, NULL, 0},
- };
-
- // Call first to get the sizes of the values.
- CK_RV rv = C_GetAttributeValue(session.get(), publicKey.get(), attributes,
- sizeof(attributes)/sizeof(CK_ATTRIBUTE));
- if (rv != CKR_OK) {
- ALOGW("Could not query attribute value sizes: 0x%02x", rv);
- return -1;
- }
-
- ByteArray modulus(new CK_BYTE[attributes[0].ulValueLen], attributes[0].ulValueLen);
- ByteArray exponent(new CK_BYTE[attributes[1].ulValueLen], attributes[1].ulValueLen);
-
- attributes[0].pValue = modulus.get();
- attributes[1].pValue = exponent.get();
-
- rv = C_GetAttributeValue(session.get(), publicKey.get(), attributes,
- sizeof(attributes) / sizeof(CK_ATTRIBUTE));
- if (rv != CKR_OK) {
- ALOGW("Could not query attribute values: 0x%02x", rv);
- return -1;
- }
-
- ALOGV("modulus is %d (ret=%d), exponent is %d (ret=%d)",
- modulus.length(), attributes[0].ulValueLen,
- exponent.length(), attributes[1].ulValueLen);
-
- /*
- * Work around a bug in the implementation. The first call to measure how large the array
- * should be sometimes returns values that are too large. The call to get the actual value
- * returns the correct length of the array, so use that instead.
- */
- modulus.setLength(attributes[0].ulValueLen);
- exponent.setLength(attributes[1].ulValueLen);
-
- Unique_RSA rsa(RSA_new());
- if (rsa.get() == NULL) {
- ALOGE("Could not allocate RSA structure");
- return -1;
- }
-
- rsa->n = BN_bin2bn(reinterpret_cast<const unsigned char*>(modulus.get()), modulus.length(),
- NULL);
- if (rsa->n == NULL) {
- logOpenSSLError("tee_get_keypair_public");
- return -1;
- }
-
- rsa->e = BN_bin2bn(reinterpret_cast<const unsigned char*>(exponent.get()), exponent.length(),
- NULL);
- if (rsa->e == NULL) {
- logOpenSSLError("tee_get_keypair_public");
- return -1;
- }
-
- Unique_EVP_PKEY pkey(EVP_PKEY_new());
- if (pkey.get() == NULL) {
- ALOGE("Could not allocate EVP_PKEY structure");
- return -1;
- }
- if (EVP_PKEY_assign_RSA(pkey.get(), rsa.get()) != 1) {
- logOpenSSLError("tee_get_keypair_public");
- return -1;
- }
- OWNERSHIP_TRANSFERRED(rsa);
-
- int len = i2d_PUBKEY(pkey.get(), NULL);
- if (len <= 0) {
- logOpenSSLError("tee_get_keypair_public");
- return -1;
- }
-
- UniquePtr<uint8_t> key(static_cast<uint8_t*>(malloc(len)));
- if (key.get() == NULL) {
- ALOGE("Could not allocate memory for public key data");
- return -1;
- }
-
- unsigned char* tmp = reinterpret_cast<unsigned char*>(key.get());
- if (i2d_PUBKEY(pkey.get(), &tmp) != len) {
- logOpenSSLError("tee_get_keypair_public");
- return -1;
- }
-
- ALOGV("Length of x509 data is %d", len);
- *x509_data_length = len;
- *x509_data = key.release();
-
- return 0;
-}
-
-static int tee_delete_keypair(const keymaster0_device_t* dev,
- const uint8_t* key_blob, const size_t key_blob_length) {
-
- CryptoSession session(reinterpret_cast<CK_SESSION_HANDLE>(dev->context));
-
- ObjectHandle publicKey(&session);
- ObjectHandle privateKey(&session);
-
- if (keyblob_restore(&session, key_blob, key_blob_length, &publicKey, &privateKey)) {
- return -1;
- }
-
- // Delete the private key.
- CK_RV rv = C_DestroyObject(session.get(), privateKey.get());
- if (rv != CKR_OK) {
- ALOGW("Could destroy private key object: 0x%02x", rv);
- return -1;
- }
-
- // Delete the public key.
- rv = C_DestroyObject(session.get(), publicKey.get());
- if (rv != CKR_OK) {
- ALOGW("Could destroy public key object: 0x%02x", rv);
- return -1;
- }
-
- return 0;
-}
-
-static int tee_sign_data(const keymaster0_device_t* dev,
- const void* params,
- const uint8_t* key_blob, const size_t key_blob_length,
- const uint8_t* data, const size_t dataLength,
- uint8_t** signedData, size_t* signedDataLength) {
- ALOGV("tee_sign_data(%p, %p, %llu, %p, %llu, %p, %p)", dev, key_blob,
- (unsigned long long) key_blob_length, data, (unsigned long long) dataLength, signedData,
- signedDataLength);
-
- if (params == NULL) {
- ALOGW("Signing params were null");
- return -1;
- }
-
- CryptoSession session(reinterpret_cast<CK_SESSION_HANDLE>(dev->context));
-
- ObjectHandle publicKey(&session);
- ObjectHandle privateKey(&session);
-
- if (keyblob_restore(&session, key_blob, key_blob_length, &publicKey, &privateKey)) {
- return -1;
- }
- ALOGV("public handle = 0x%x, private handle = 0x%x", publicKey.get(), privateKey.get());
-
- keymaster_rsa_sign_params_t* sign_params = (keymaster_rsa_sign_params_t*) params;
- if (sign_params->digest_type != DIGEST_NONE) {
- ALOGW("Cannot handle digest type %d", sign_params->digest_type);
- return -1;
- } else if (sign_params->padding_type != PADDING_NONE) {
- ALOGW("Cannot handle padding type %d", sign_params->padding_type);
- return -1;
- }
-
- CK_MECHANISM rawRsaMechanism = {
- CKM_RSA_X_509, NULL, 0
- };
-
- CK_RV rv = C_SignInit(session.get(), &rawRsaMechanism, privateKey.get());
- if (rv != CKR_OK) {
- ALOGV("C_SignInit failed: 0x%x", rv);
- return -1;
- }
-
- CK_BYTE signature[1024];
- CK_ULONG signatureLength = 1024;
-
- rv = C_Sign(session.get(), data, dataLength, signature, &signatureLength);
- if (rv != CKR_OK) {
- ALOGV("C_SignFinal failed: 0x%x", rv);
- return -1;
- }
-
- UniquePtr<uint8_t[]> finalSignature(new uint8_t[signatureLength]);
- if (finalSignature.get() == NULL) {
- ALOGE("Couldn't allocate memory to copy signature");
- return -1;
- }
-
- memcpy(finalSignature.get(), signature, signatureLength);
-
- *signedData = finalSignature.release();
- *signedDataLength = static_cast<size_t>(signatureLength);
-
- ALOGV("tee_sign_data(%p, %p, %llu, %p, %llu, %p, %p) => %p size %llu", dev, key_blob,
- (unsigned long long) key_blob_length, data, (unsigned long long) dataLength, signedData,
- signedDataLength, *signedData, (unsigned long long) *signedDataLength);
-
- return 0;
-}
-
-static int tee_verify_data(const keymaster0_device_t* dev,
- const void* params,
- const uint8_t* keyBlob, const size_t keyBlobLength,
- const uint8_t* signedData, const size_t signedDataLength,
- const uint8_t* signature, const size_t signatureLength) {
- ALOGV("tee_verify_data(%p, %p, %llu, %p, %llu, %p, %llu)", dev, keyBlob,
- (unsigned long long) keyBlobLength, signedData, (unsigned long long) signedDataLength,
- signature, (unsigned long long) signatureLength);
-
- if (params == NULL) {
- ALOGW("Verification params were null");
- return -1;
- }
-
- CryptoSession session(reinterpret_cast<CK_SESSION_HANDLE>(dev->context));
-
- ObjectHandle publicKey(&session);
- ObjectHandle privateKey(&session);
-
- if (keyblob_restore(&session, keyBlob, keyBlobLength, &publicKey, &privateKey)) {
- return -1;
- }
- ALOGV("public handle = 0x%x, private handle = 0x%x", publicKey.get(), privateKey.get());
-
- keymaster_rsa_sign_params_t* sign_params = (keymaster_rsa_sign_params_t*) params;
- if (sign_params->digest_type != DIGEST_NONE) {
- ALOGW("Cannot handle digest type %d", sign_params->digest_type);
- return -1;
- } else if (sign_params->padding_type != PADDING_NONE) {
- ALOGW("Cannot handle padding type %d", sign_params->padding_type);
- return -1;
- }
-
- CK_MECHANISM rawRsaMechanism = {
- CKM_RSA_X_509, NULL, 0
- };
-
- CK_RV rv = C_VerifyInit(session.get(), &rawRsaMechanism, publicKey.get());
- if (rv != CKR_OK) {
- ALOGV("C_VerifyInit failed: 0x%x", rv);
- return -1;
- }
-
- // This is a bad prototype for this function. C_Verify should have only const args.
- rv = C_Verify(session.get(), signedData, signedDataLength,
- const_cast<unsigned char*>(signature), signatureLength);
- if (rv != CKR_OK) {
- ALOGV("C_Verify failed: 0x%x", rv);
- return -1;
- }
-
- return 0;
-}
-
-/* Close an opened OpenSSL instance */
-static int tee_close(hw_device_t *dev) {
- keymaster0_device_t *keymaster_dev = (keymaster0_device_t *) dev;
- if (keymaster_dev != NULL) {
- CK_SESSION_HANDLE handle = reinterpret_cast<CK_SESSION_HANDLE>(keymaster_dev->context);
- if (handle != CK_INVALID_HANDLE) {
- C_CloseSession(handle);
- }
- }
-
- CK_RV finalizeRV = C_Finalize(NULL_PTR);
- if (finalizeRV != CKR_OK) {
- ALOGE("Error closing the TEE");
- }
- free(dev);
-
- return 0;
-}
-
-/*
- * Generic device handling
- */
-static int tee_open(const hw_module_t* module, const char* name,
- hw_device_t** device) {
- if (strcmp(name, KEYSTORE_KEYMASTER) != 0)
- return -EINVAL;
-
- Unique_keymaster_device_t dev(new keymaster0_device_t);
- if (dev.get() == NULL)
- return -ENOMEM;
-
- dev->common.tag = HARDWARE_DEVICE_TAG;
- dev->common.version = 1;
- dev->common.module = (struct hw_module_t*) module;
- dev->common.close = tee_close;
-
- dev->generate_keypair = tee_generate_keypair;
- dev->import_keypair = tee_import_keypair;
- dev->get_keypair_public = tee_get_keypair_public;
- dev->delete_keypair = tee_delete_keypair;
- dev->sign_data = tee_sign_data;
- dev->verify_data = tee_verify_data;
- dev->delete_all = NULL;
-
- CK_RV initializeRV = C_Initialize(NULL);
- if (initializeRV != CKR_OK) {
- ALOGE("Error initializing TEE: 0x%x", initializeRV);
- return -ENODEV;
- }
-
- CK_INFO info;
- CK_RV infoRV = C_GetInfo(&info);
- if (infoRV != CKR_OK) {
- (void) C_Finalize(NULL_PTR);
- ALOGE("Error getting information about TEE during initialization: 0x%x", infoRV);
- return -ENODEV;
- }
-
- ALOGI("C_GetInfo cryptokiVer=%d.%d manufID=%s flags=%d libDesc=%s libVer=%d.%d\n",
- info.cryptokiVersion.major, info.cryptokiVersion.minor,
- info.manufacturerID, info.flags, info.libraryDescription,
- info.libraryVersion.major, info.libraryVersion.minor);
-
- CK_SESSION_HANDLE sessionHandle = CK_INVALID_HANDLE;
-
- CK_RV openSessionRV = C_OpenSession(CKV_TOKEN_USER,
- CKF_SERIAL_SESSION | CKF_RW_SESSION,
- NULL,
- NULL,
- &sessionHandle);
-
- if (openSessionRV != CKR_OK || sessionHandle == CK_INVALID_HANDLE) {
- (void) C_Finalize(NULL_PTR);
- ALOGE("Error opening primary session with TEE: 0x%x", openSessionRV);
- return -1;
- }
-
- ERR_load_crypto_strings();
- ERR_load_BIO_strings();
-
- dev->context = reinterpret_cast<void*>(sessionHandle);
- *device = reinterpret_cast<hw_device_t*>(dev.release());
-
- return 0;
-}
-
-static struct hw_module_methods_t keystore_module_methods = {
- open: tee_open,
-};
-
-struct keystore_module HAL_MODULE_INFO_SYM
-__attribute__ ((visibility ("default"))) = {
- common: {
- tag: HARDWARE_MODULE_TAG,
- version_major: 1,
- version_minor: 0,
- id: KEYSTORE_HARDWARE_MODULE_ID,
- name: "Keymaster TEE HAL",
- author: "The Android Open Source Project",
- methods: &keystore_module_methods,
- dso: 0,
- reserved: {},
- },
-};
diff --git a/self-extractors/nvidia/staging/keymaster/pkcs11.h b/self-extractors/nvidia/staging/keymaster/pkcs11.h
deleted file mode 100644
index 8f28917..0000000
--- a/self-extractors/nvidia/staging/keymaster/pkcs11.h
+++ /dev/null
@@ -1,595 +0,0 @@
-/**
- * Copyright(c) 2011 Trusted Logic. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- * * Neither the name Trusted Logic nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This header file contains the definition of the PKCS#11 types and functions
- * supported by the Trusted Foundations Software. This header file is
- * derived from the RSA Security Inc. PKCS #11 Cryptographic Token Interface
- * (Cryptoki)
- */
-#ifndef __PKCS11_H__
-#define __PKCS11_H__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*------------------------------------------
-* Types and constants
-*------------------------------------------*/
-
-#include "s_type.h"
-
-#define CK_TRUE true
-#define CK_FALSE false
-
-#ifndef FALSE
-#define FALSE CK_FALSE
-#endif
-
-#ifndef TRUE
-#define TRUE CK_TRUE
-#endif
-
-#define NULL_PTR NULL
-
-typedef uint8_t CK_BYTE, *CK_BYTE_PTR;
-typedef CK_BYTE CK_CHAR, *CK_CHAR_PTR;
-typedef CK_BYTE CK_UTF8CHAR, *CK_UTF8CHAR_PTR;
-typedef bool CK_BBOOL;
-typedef uint32_t CK_ULONG, *CK_ULONG_PTR;
-typedef int32_t CK_LONG;
-typedef CK_ULONG CK_FLAGS;
-typedef void* CK_VOID_PTR, *CK_VOID_PTR_PTR;
-
-#define CK_INVALID_HANDLE 0
-
-typedef struct CK_VERSION
-{
- CK_BYTE major;
- CK_BYTE minor;
-}
-CK_VERSION, *CK_VERSION_PTR;
-
-typedef struct CK_INFO
-{
- CK_VERSION cryptokiVersion;
- CK_UTF8CHAR manufacturerID[32];
- CK_FLAGS flags;
- CK_UTF8CHAR libraryDescription[32];
- CK_VERSION libraryVersion;
-}
-CK_INFO, *CK_INFO_PTR;
-
-typedef CK_ULONG CK_NOTIFICATION;
-typedef CK_ULONG CK_SLOT_ID, *CK_SLOT_ID_PTR;
-typedef CK_ULONG CK_SESSION_HANDLE, *CK_SESSION_HANDLE_PTR;
-
-typedef CK_ULONG CK_USER_TYPE;
-#define CKU_SO 0
-#define CKU_USER 1
-#define CKU_CONTEXT_SPECIFIC 2
-
-typedef CK_ULONG CK_STATE;
-#define CKS_RO_PUBLIC_SESSION 0
-#define CKS_RO_USER_FUNCTIONS 1
-#define CKS_RW_PUBLIC_SESSION 2
-#define CKS_RW_USER_FUNCTIONS 3
-#define CKS_RW_SO_FUNCTIONS 4
-
-typedef struct CK_SESSION_INFO
-{
- CK_SLOT_ID slotID;
- CK_STATE state;
- CK_FLAGS flags;
- CK_ULONG ulDeviceError;
-}
-CK_SESSION_INFO, *CK_SESSION_INFO_PTR;
-
-#define CKF_RW_SESSION 0x00000002
-#define CKF_SERIAL_SESSION 0x00000004
-#define CKVF_OPEN_SUB_SESSION 0x00000008
-
-typedef CK_ULONG CK_OBJECT_HANDLE, *CK_OBJECT_HANDLE_PTR;
-
-typedef CK_ULONG CK_OBJECT_CLASS, *CK_OBJECT_CLASS_PTR;
-
-#define CKO_DATA 0x00000000
-#define CKO_PUBLIC_KEY 0x00000002
-#define CKO_PRIVATE_KEY 0x00000003
-#define CKO_SECRET_KEY 0x00000004
-
-typedef CK_ULONG CK_KEY_TYPE;
-
-#define CKK_RSA 0x00000000
-#define CKK_DSA 0x00000001
-#define CKK_DH 0x00000002
-#define CKK_EC 0x00000003
-
-#define CKK_GENERIC_SECRET 0x00000010
-
-#define CKK_RC4 0x00000012
-#define CKK_DES 0x00000013
-#define CKK_DES2 0x00000014
-#define CKK_DES3 0x00000015
-
-#define CKK_AES 0x0000001F
-
-#define CKK_VENDOR_DEFINED 0x80000000
-
-typedef CK_ULONG CK_ATTRIBUTE_TYPE;
-
-#define CKF_ARRAY_ATTRIBUTE 0x40000000
-
-#define CKA_CLASS 0x00000000
-#define CKA_TOKEN 0x00000001
-#define CKA_PRIVATE 0x00000002
-#define CKA_VALUE 0x00000011
-
-#define CKA_OBJECT_ID 0x00000012
-
-#define CKA_KEY_TYPE 0x00000100
-#define CKA_ID 0x00000102
-#define CKA_SENSITIVE 0x00000103
-#define CKA_ENCRYPT 0x00000104
-#define CKA_DECRYPT 0x00000105
-#define CKA_WRAP 0x00000106
-#define CKA_UNWRAP 0x00000107
-#define CKA_SIGN 0x00000108
-#define CKA_VERIFY 0x0000010A
-#define CKA_DERIVE 0x0000010C
-#define CKA_MODULUS 0x00000120
-#define CKA_MODULUS_BITS 0x00000121
-#define CKA_PUBLIC_EXPONENT 0x00000122
-#define CKA_PRIVATE_EXPONENT 0x00000123
-#define CKA_PRIME_1 0x00000124
-#define CKA_PRIME_2 0x00000125
-#define CKA_EXPONENT_1 0x00000126
-#define CKA_EXPONENT_2 0x00000127
-#define CKA_COEFFICIENT 0x00000128
-#define CKA_PRIME 0x00000130
-#define CKA_SUBPRIME 0x00000131
-#define CKA_BASE 0x00000132
-
-#define CKA_VALUE_BITS 0x00000160
-#define CKA_VALUE_LEN 0x00000161
-
-#define CKA_EXTRACTABLE 0x00000162
-
-#define CKA_MODIFIABLE 0x00000170
-#define CKA_COPYABLE 0x00000171
-#define CKA_ALWAYS_AUTHENTICATE 0x00000202
-
-#define CKA_VENDOR_DEFINED 0x80000000
-
-#define CKAV_ALLOW_NON_SENSITIVE_DERIVED_KEY 0x80000001
-
-typedef struct CK_ATTRIBUTE
-{
- CK_ATTRIBUTE_TYPE type;
- void* pValue;
- CK_ULONG ulValueLen;
-}
-CK_ATTRIBUTE, *CK_ATTRIBUTE_PTR;
-
-typedef CK_ULONG CK_MECHANISM_TYPE, *CK_MECHANISM_TYPE_PTR;
-
-#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
-#define CKM_RSA_PKCS 0x00000001
-#define CKM_RSA_X_509 0x00000003
-#define CKM_MD5_RSA_PKCS 0x00000005
-#define CKM_SHA1_RSA_PKCS 0x00000006
-#define CKM_RSA_PKCS_OAEP 0x00000009
-#define CKM_RSA_PKCS_PSS 0x0000000D
-#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
-#define CKM_DSA_KEY_PAIR_GEN 0x00000010
-#define CKM_DSA 0x00000011
-#define CKM_DSA_SHA1 0x00000012
-#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
-#define CKM_DH_PKCS_DERIVE 0x00000021
-#define CKM_SHA256_RSA_PKCS 0x00000040
-#define CKM_SHA384_RSA_PKCS 0x00000041
-#define CKM_SHA512_RSA_PKCS 0x00000042
-#define CKM_SHA256_RSA_PKCS_PSS 0x00000043
-#define CKM_SHA384_RSA_PKCS_PSS 0x00000044
-#define CKM_SHA512_RSA_PKCS_PSS 0x00000045
-#define CKM_SHA224_RSA_PKCS 0x00000046
-#define CKM_SHA224_RSA_PKCS_PSS 0x00000047
-#define CKM_RC4_KEY_GEN 0x00000110
-#define CKM_RC4 0x00000111
-#define CKM_DES_KEY_GEN 0x00000120
-#define CKM_DES_ECB 0x00000121
-#define CKM_DES_CBC 0x00000122
-#define CKM_DES_MAC 0x00000123
-#define CKM_DES2_KEY_GEN 0x00000130
-#define CKM_DES3_KEY_GEN 0x00000131
-#define CKM_DES3_ECB 0x00000132
-#define CKM_DES3_CBC 0x00000133
-#define CKM_DES3_MAC 0x00000134
-#define CKM_MD5 0x00000210
-#define CKM_MD5_HMAC 0x00000211
-#define CKM_SHA_1 0x00000220
-#define CKM_SHA_1_HMAC 0x00000221
-#define CKM_SHA256 0x00000250
-#define CKM_SHA256_HMAC 0x00000251
-#define CKM_SHA224 0x00000255
-#define CKM_SHA224_HMAC 0x00000256
-#define CKM_SHA384 0x00000260
-#define CKM_SHA384_HMAC 0x00000261
-#define CKM_SHA512 0x00000270
-#define CKM_SHA512_HMAC 0x00000271
-#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350
-#define CKM_AES_KEY_GEN 0x00001080
-#define CKM_AES_ECB 0x00001081
-#define CKM_AES_CBC 0x00001082
-#define CKM_AES_MAC 0x00001083
-#define CKM_AES_CTR 0x00001086
-#define CKM_VENDOR_DEFINED 0x80000000
-#define CKMV_AES_CTR 0x80000001
-
-#define CKMV_IMPLEMENTATION_DEFINED_0 0xC0000000
-#define CKMV_IMPLEMENTATION_DEFINED_1 0xC0000001
-#define CKMV_IMPLEMENTATION_DEFINED_2 0xC0000002
-#define CKMV_IMPLEMENTATION_DEFINED_3 0xC0000003
-#define CKMV_IMPLEMENTATION_DEFINED_4 0xC0000004
-#define CKMV_IMPLEMENTATION_DEFINED_5 0xC0000005
-#define CKMV_IMPLEMENTATION_DEFINED_6 0xC0000006
-#define CKMV_IMPLEMENTATION_DEFINED_7 0xC0000007
-#define CKMV_IMPLEMENTATION_DEFINED_8 0xC0000008
-#define CKMV_IMPLEMENTATION_DEFINED_9 0xC0000009
-#define CKMV_IMPLEMENTATION_DEFINED_10 0xC000000A
-#define CKMV_IMPLEMENTATION_DEFINED_11 0xC000000B
-#define CKMV_IMPLEMENTATION_DEFINED_12 0xC000000C
-#define CKMV_IMPLEMENTATION_DEFINED_13 0xC000000D
-#define CKMV_IMPLEMENTATION_DEFINED_14 0xC000000E
-#define CKMV_IMPLEMENTATION_DEFINED_15 0xC000000F
-
-typedef struct CK_MECHANISM
-{
- CK_MECHANISM_TYPE mechanism;
- void* pParameter;
- CK_ULONG ulParameterLen; /* in bytes */
-}
-CK_MECHANISM, *CK_MECHANISM_PTR;
-
-typedef CK_ULONG CK_RV;
-
-#define CKR_OK 0x00000000
-#define CKR_CANCEL 0x00000001
-#define CKR_HOST_MEMORY 0x00000002
-#define CKR_SLOT_ID_INVALID 0x00000003
-#define CKR_GENERAL_ERROR 0x00000005
-#define CKR_ARGUMENTS_BAD 0x00000007
-#define CKR_ATTRIBUTE_SENSITIVE 0x00000011
-#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012
-#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013
-#define CKR_COPY_PROHIBITED 0x0000001A
-#define CKR_DATA_INVALID 0x00000020
-#define CKR_DATA_LEN_RANGE 0x00000021
-#define CKR_DEVICE_ERROR 0x00000030
-#define CKR_DEVICE_MEMORY 0x00000031
-#define CKR_ENCRYPTED_DATA_INVALID 0x00000040
-#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041
-#define CKR_KEY_HANDLE_INVALID 0x00000060
-#define CKR_KEY_SIZE_RANGE 0x00000062
-#define CKR_KEY_TYPE_INCONSISTENT 0x00000063
-#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068
-#define CKR_KEY_NOT_WRAPPABLE 0x00000069
-#define CKR_MECHANISM_INVALID 0x00000070
-#define CKR_MECHANISM_PARAM_INVALID 0x00000071
-#define CKR_OBJECT_HANDLE_INVALID 0x00000082
-#define CKR_OPERATION_ACTIVE 0x00000090
-#define CKR_OPERATION_NOT_INITIALIZED 0x00000091
-#define CKR_PIN_INCORRECT 0x000000A0
-#define CKR_SESSION_COUNT 0x000000B1
-#define CKR_SESSION_HANDLE_INVALID 0x000000B3
-#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4
-#define CKR_SESSION_READ_ONLY 0x000000B5
-#define CKR_SIGNATURE_INVALID 0x000000C0
-#define CKR_SIGNATURE_LEN_RANGE 0x000000C1
-#define CKR_TEMPLATE_INCOMPLETE 0x000000D0
-#define CKR_TEMPLATE_INCONSISTENT 0x000000D1
-#define CKR_TOKEN_NOT_PRESENT 0x000000E0
-#define CKR_USER_ALREADY_LOGGED_IN 0x00000100
-#define CKR_USER_NOT_LOGGED_IN 0x00000101
-#define CKR_USER_TYPE_INVALID 0x00000103
-#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112
-#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113
-#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120
-#define CKR_RANDOM_NO_RNG 0x00000121
-#define CKR_BUFFER_TOO_SMALL 0x00000150
-#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190
-#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191
-#define CKR_VENDOR_DEFINED 0x80000000
-
-typedef CK_RV (*CK_NOTIFY)(
- CK_SESSION_HANDLE hSession,
- CK_NOTIFICATION event,
- void* pApplication
-);
-
-typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE, *CK_RSA_PKCS_MGF_TYPE_PTR;
-
-#define CKG_MGF1_SHA1 0x00000001
-#define CKG_MGF1_SHA256 0x00000002
-#define CKG_MGF1_SHA384 0x00000003
-#define CKG_MGF1_SHA512 0x00000004
-#define CKG_MGF1_SHA224 0x00000005
-
-typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE, *CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;
-
-#define CKZ_DATA_SPECIFIED 0x00000001
-typedef struct CK_RSA_PKCS_OAEP_PARAMS
-{
- CK_MECHANISM_TYPE hashAlg;
- CK_RSA_PKCS_MGF_TYPE mgf;
- CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
- void* pSourceData;
- CK_ULONG ulSourceDataLen;
-}
-CK_RSA_PKCS_OAEP_PARAMS, *CK_RSA_PKCS_OAEP_PARAMS_PTR;
-
-typedef struct CK_RSA_PKCS_PSS_PARAMS
-{
- CK_MECHANISM_TYPE hashAlg;
- CK_RSA_PKCS_MGF_TYPE mgf;
- CK_ULONG sLen;
-}
-CK_RSA_PKCS_PSS_PARAMS, *CK_RSA_PKCS_PSS_PARAMS_PTR;
-
-typedef struct CK_AES_CTR_PARAMS
-{
- CK_ULONG ulCounterBits;
- CK_BYTE cb[16];
-}
-CK_AES_CTR_PARAMS, *CK_AES_CTR_PARAMS_PTR;
-
-/*------------------------------------------
-* Functions
-*------------------------------------------*/
-CK_RV PKCS11_EXPORT C_Initialize(void* pInitArgs);
-
-CK_RV PKCS11_EXPORT C_Finalize(void* pReserved);
-
-CK_RV PKCS11_EXPORT C_GetInfo(CK_INFO* pInfo);
-
-CK_RV PKCS11_EXPORT C_OpenSession(
- CK_SLOT_ID slotID,
- CK_FLAGS flags,
- void* pApplication,
- CK_NOTIFY Notify,
- CK_SESSION_HANDLE* phSession);
-
-CK_RV PKCS11_EXPORT C_CloseSession(
- CK_SESSION_HANDLE hSession);
-
-CK_RV PKCS11_EXPORT C_Login(
- CK_SESSION_HANDLE hSession,
- CK_USER_TYPE userType,
- const CK_UTF8CHAR* pPin,
- CK_ULONG ulPinLen);
-
-CK_RV PKCS11_EXPORT C_Logout(
- CK_SESSION_HANDLE hSession);
-
-CK_RV PKCS11_EXPORT C_CreateObject(
- CK_SESSION_HANDLE hSession,
- const CK_ATTRIBUTE* pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE* phObject);
-
-CK_RV PKCS11_EXPORT C_DestroyObject(
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject);
-
-CK_RV PKCS11_EXPORT C_GetAttributeValue(
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE* pTemplate,
- CK_ULONG ulCount);
-
-CK_RV PKCS11_EXPORT C_FindObjectsInit(
- CK_SESSION_HANDLE hSession,
- const CK_ATTRIBUTE* pTemplate,
- CK_ULONG ulCount);
-
-CK_RV PKCS11_EXPORT C_FindObjects(
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE* phObject,
- CK_ULONG ulMaxObjectCount,
- CK_ULONG* pulObjectCount);
-
-CK_RV PKCS11_EXPORT C_FindObjectsFinal(
- CK_SESSION_HANDLE hSession);
-
-CK_RV PKCS11_EXPORT C_EncryptInit(
- CK_SESSION_HANDLE hSession,
- const CK_MECHANISM* pMechanism,
- CK_OBJECT_HANDLE hKey);
-
-CK_RV PKCS11_EXPORT C_Encrypt(
- CK_SESSION_HANDLE hSession,
- const CK_BYTE* pData,
- CK_ULONG ulDataLen,
- CK_BYTE* pEncryptedData,
- CK_ULONG* pulEncryptedDataLen);
-
-CK_RV PKCS11_EXPORT C_EncryptUpdate(
- CK_SESSION_HANDLE hSession,
- const CK_BYTE* pPart,
- CK_ULONG ulPartLen,
- CK_BYTE* pEncryptedPart,
- CK_ULONG* pulEncryptedPartLen);
-
-CK_RV PKCS11_EXPORT C_EncryptFinal(
- CK_SESSION_HANDLE hSession,
- CK_BYTE* pLastEncryptedPart,
- CK_ULONG* pulLastEncryptedPartLen);
-
-CK_RV PKCS11_EXPORT C_DecryptInit(
- CK_SESSION_HANDLE hSession,
- const CK_MECHANISM* pMechanism,
- CK_OBJECT_HANDLE hKey);
-
-CK_RV PKCS11_EXPORT C_Decrypt(
- CK_SESSION_HANDLE hSession,
- const CK_BYTE* pEncryptedData,
- CK_ULONG ulEncryptedDataLen,
- CK_BYTE* pData,
- CK_ULONG* pulDataLen);
-
-CK_RV PKCS11_EXPORT C_DecryptUpdate(
- CK_SESSION_HANDLE hSession,
- const CK_BYTE* pEncryptedPart,
- CK_ULONG ulEncryptedPartLen,
- CK_BYTE* pPart,
- CK_ULONG* pulPartLen);
-
-CK_RV PKCS11_EXPORT C_DecryptFinal(
- CK_SESSION_HANDLE hSession,
- CK_BYTE* pLastPart,
- CK_ULONG* pulLastPartLen);
-
-CK_RV PKCS11_EXPORT C_DigestInit(
- CK_SESSION_HANDLE hSession,
- const CK_MECHANISM* pMechanism);
-
-CK_RV PKCS11_EXPORT C_Digest(
- CK_SESSION_HANDLE hSession,
- const CK_BYTE* pData,
- CK_ULONG ulDataLen,
- CK_BYTE* pDigest,
- CK_ULONG* pulDigestLen);
-
-CK_RV PKCS11_EXPORT C_DigestUpdate(
- CK_SESSION_HANDLE hSession,
- const CK_BYTE* pPart,
- CK_ULONG ulPartLen);
-
-CK_RV PKCS11_EXPORT C_DigestFinal(
- CK_SESSION_HANDLE hSession,
- CK_BYTE* pDigest,
- CK_ULONG* pulDigestLen);
-
-CK_RV PKCS11_EXPORT C_SignInit(
- CK_SESSION_HANDLE hSession,
- const CK_MECHANISM* pMechanism,
- CK_OBJECT_HANDLE hKey);
-
-CK_RV PKCS11_EXPORT C_Sign(
- CK_SESSION_HANDLE hSession,
- const CK_BYTE* pData,
- CK_ULONG ulDataLen,
- CK_BYTE* pSignature,
- CK_ULONG* pulSignatureLen);
-
-CK_RV PKCS11_EXPORT C_SignUpdate(
- CK_SESSION_HANDLE hSession,
- const CK_BYTE* pPart,
- CK_ULONG ulPartLen);
-
-CK_RV PKCS11_EXPORT C_SignFinal(
- CK_SESSION_HANDLE hSession,
- CK_BYTE* pSignature,
- CK_ULONG* pulSignatureLen);
-
-CK_RV PKCS11_EXPORT C_VerifyInit(
- CK_SESSION_HANDLE hSession,
- const CK_MECHANISM* pMechanism,
- CK_OBJECT_HANDLE hKey);
-
-CK_RV PKCS11_EXPORT C_Verify(
- CK_SESSION_HANDLE hSession,
- const CK_BYTE* pData,
- CK_ULONG ulDataLen,
- CK_BYTE* pSignature,
- CK_ULONG ulSignatureLen);
-
-CK_RV PKCS11_EXPORT C_VerifyUpdate(
- CK_SESSION_HANDLE hSession,
- const CK_BYTE* pPart,
- CK_ULONG ulPartLen);
-
-CK_RV PKCS11_EXPORT C_VerifyFinal(
- CK_SESSION_HANDLE hSession,
- const CK_BYTE* pSignature,
- CK_ULONG ulSignatureLen);
-
-CK_RV PKCS11_EXPORT C_GenerateKey(
- CK_SESSION_HANDLE hSession,
- const CK_MECHANISM* pMechanism,
- const CK_ATTRIBUTE* pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE* phKey);
-
-CK_RV PKCS11_EXPORT C_GenerateKeyPair(
- CK_SESSION_HANDLE hSession,
- const CK_MECHANISM* pMechanism,
- const CK_ATTRIBUTE* pPublicKeyTemplate,
- CK_ULONG ulPublicKeyAttributeCount,
- const CK_ATTRIBUTE* pPrivateKeyTemplate,
- CK_ULONG ulPrivateKeyAttributeCount,
- CK_OBJECT_HANDLE* phPublicKey,
- CK_OBJECT_HANDLE* phPrivateKey);
-
-CK_RV PKCS11_EXPORT C_DeriveKey(
- CK_SESSION_HANDLE hSession,
- const CK_MECHANISM* pMechanism,
- CK_OBJECT_HANDLE hBaseKey,
- const CK_ATTRIBUTE* pTemplate,
- CK_ULONG ulAttributeCount,
- CK_OBJECT_HANDLE* phKey);
-
-CK_RV PKCS11_EXPORT C_SeedRandom(
- CK_SESSION_HANDLE hSession,
- const CK_BYTE* pSeed,
- CK_ULONG ulSeedLen);
-
-CK_RV PKCS11_EXPORT C_GenerateRandom(
- CK_SESSION_HANDLE hSession,
- CK_BYTE* pRandomData,
- CK_ULONG ulRandomLen);
-
-CK_RV PKCS11_EXPORT C_CloseObjectHandle(
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject);
-
-CK_RV PKCS11_EXPORT C_CopyObject(
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- const CK_ATTRIBUTE* pTemplate,
- CK_ULONG ulAttributeCount,
- CK_OBJECT_HANDLE* phNewObject);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __PKCS11_H__ */
diff --git a/self-extractors/nvidia/staging/keymaster/s_type.h b/self-extractors/nvidia/staging/keymaster/s_type.h
deleted file mode 100644
index ae260cc..0000000
--- a/self-extractors/nvidia/staging/keymaster/s_type.h
+++ /dev/null
@@ -1,146 +0,0 @@
-/**
- * Copyright(c) 2011 Trusted Logic. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- * * Neither the name Trusted Logic nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * Definition of the machine-specific integer types
- **/
-#ifndef __S_TYPE_H__
-#define __S_TYPE_H__
-
-/* C99 integer types */
-#if (!defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L) &&(!defined(ANDROID))
-
-#include <limits.h>
-
-/* Figure out if a 64-bit integer types is available */
-#if \
- defined(_MSC_VER) || \
- defined(__SYMBIAN32__) || \
- defined(_WIN32_WCE) || \
- (defined(ULLONG_MAX) && ULLONG_MAX == 0xFFFFFFFFFFFFFFFFULL) || \
- (defined(ULONG_LONG_MAX) && ULONG_LONG_MAX == 0xFFFFFFFFFFFFFFFFULL)
-typedef unsigned long long uint64_t;
-typedef long long int64_t;
-#else
-#define __S_TYPE_INT64_UNDEFINED
-#endif
-
-#if UINT_MAX == 0xFFFFFFFF
-typedef unsigned int uint32_t;
-typedef int int32_t;
-#elif ULONG_MAX == 0xFFFFFFFF
-typedef unsigned long uint32_t;
-typedef long int32_t;
-#else
-#error This compiler is not supported.
-#endif
-
-#if USHRT_MAX == 0xFFFF
-typedef unsigned short uint16_t;
-typedef short int16_t;
-#else
-#error This compiler is not supported.
-#endif
-
-#if UCHAR_MAX == 0xFF
-typedef unsigned char uint8_t;
-typedef signed char int8_t;
-#else
-#error This compiler is not supported.
-#endif
-
-#if !defined(__cplusplus)
-typedef unsigned char bool;
-#define false ( (bool)0 )
-#define true ( (bool)1 )
-#endif
-
-#else /* !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L */
-
-#include <stdbool.h>
-#include <stdint.h>
-
-#endif /* !(!defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L) */
-
-#include <stddef.h>
-
-#ifndef NULL
-# ifdef __cplusplus
-# define NULL 0
-# else
-# define NULL ((void *)0)
-# endif
-#endif
-
-#define IN
-#define OUT
-
-/*
- * Definition of other common types
- */
-
-typedef uint32_t S_RESULT;
-typedef S_RESULT TEEC_Result;
-typedef S_RESULT SM_ERROR;
-
-typedef uint32_t S_HANDLE;
-typedef S_HANDLE SM_HANDLE;
-#define S_HANDLE_NULL ((S_HANDLE)0)
-#define SM_HANDLE_INVALID S_HANDLE_NULL
-
-/** Definition of an UUID (from RFC 4122 http://www.ietf.org/rfc/rfc4122.txt) */
-typedef struct S_UUID
-{
- uint32_t time_low;
- uint16_t time_mid;
- uint16_t time_hi_and_version;
- uint8_t clock_seq_and_node[8];
-}S_UUID;
-typedef S_UUID TEEC_UUID;
-typedef S_UUID SM_UUID;
-
-/* DLL Import/Export directives */
-
-#if defined(WIN32) || defined(__ARMCC_VERSION) || defined(__WINSCW__) || defined(_WIN32_WCE)
-# define S_DLL_EXPORT __declspec(dllexport)
-# define S_DLL_IMPORT __declspec(dllimport)
-# define S_NO_RETURN __declspec(noreturn)
-#elif defined(__GNUC__)
-# define S_DLL_EXPORT __attribute__ ((visibility ("default")))
-# define S_DLL_IMPORT __attribute__ ((visibility ("default")))
-# define S_NO_RETURN __attribute__ ((noreturn))
-#else
-# define S_DLL_EXPORT
-# define S_DLL_IMPORT
-# define S_NO_RETURN
-#endif
-
-#endif /* __S_TYPE_H__ */
-
